Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
May 25, 2023Rewterz Threat Alert – Cobalt Strke Malware – Active IOCs
May 26, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
May 25, 2023Rewterz Threat Alert – Cobalt Strke Malware – Active IOCs
May 26, 2023Severity
Medium
Analysis Summary
CVE-2023-44520 CVSS:7.8
Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the handling of Annotation objects. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-44519 CVSS:3.3
Adobe Acrobat Reader DC could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw in handling of Highlight Annotations. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-44518 CVSS:7.8
Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by a ue-after-free flaw in the handling of Highlight Annotations. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-44517 CVSS:3.3
Adobe Acrobat Reader DC could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the handling of Annotation objects. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-44516 CVSS:3.3
Adobe Acrobat Reader DC could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the handling of Annotation objects. By persuading a victim to open a specially crafted font file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-44515 CVSS:3.3
Adobe Acrobat Reader DC could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the parsing of embedded fonts. By persuading a victim to open a specially crafted font file, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-44514 CVSS:7.8
Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the parsing of embedded fonts. By persuading a victim to open a specially-crafted font file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-44513 CVSS:7.8
Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the parsing of embedded fonts. By persuading a victim to open a specially-crafted font file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2023-44512 CVSS:7.8
Adobe Acrobat Reader DC could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw in the parsing of embedded fonts. By persuading a victim to open a specially-crafted font file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
Impact
- Code Execution
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-44520
- CVE-2023-44519
- CVE-2023-44518
- CVE-2023-44517
- CVE-2023-44516
- CVE-2023-44515
- CVE-2023-44514
- CVE-2023-44513
- CVE-2023-44512
Affected Vendors
Adobe
Affected Products
- Adobe Acrobat Reader DC 22.001.20085
Remediation
Refer to Adobe Security Bulletin for patch, upgrade or suggested workaround information.